SPACE - Security Posture Analysis and Confidence Evaluation
SPACE, a Missing Link Security proprietary process, uses a pinpointed risk analysis process for analyzing threats to and vulnerabilities of any system. That “system” includes the facility, the information systems within the facility and the people who operate within the environment – both virtual and real. In addition to the threats and vulnerabilities, we also assess the potential impact that the loss of information or capabilities of the system would have on an organization or entity. We work with the client and use the analysis as a basis for identifying appropriate and cost-effective safeguards, as well as evaluating existing safeguards.
The SPACE assessment is tailored to meet your specific needs. We follow a simple four-step process.

The outcome of the SPACE assessment is a report that quantifies the confidence you should have in your existing security posture. This report will allow you to make decisions on where you want to improve your security procedures and enhance your security operations.
Missing Link Security develops or updates the full suite of Certification and Accreditation (C&A) artifacts that support the accreditation decision. These artifacts may include a System Security Plan, an Information Technology Contingency Plan, a Security Assessment Report, and the Plan of Action and Milestones. We are experts in the FISMA compliance standards as well as the DOD and Intelligence Community standards. Different agencies use different tools to collect and manage these artifacts. Some use the Trusted Agent Framework, others use the Cyber Security Assessment and Management tool, while others use tools developed internally. Our C&A practices adopt the processes and procedures already in use by our clients. If our client does not have one in place, we will select the most effective methodology based on their needs.
Certification and Accreditation often includes several other practices that support the C&A process. Some of these include:
- System Inventory – Defining the inventory within the boundary of the system being accredited.
- Interconnection Security Agreements – Assuring the interactions across the boundaries are properly documented and controlled.
- Plans of Action and Milestones Management – Tracking, managing, and performing the necessary steps to mitigate all security issues.
- Incident Response – Performing the proper procedures in response to a suspected or known breach.
- Testing – Many types of testing are necessary to determine if the practices and procedures are effective.
Computer forensics is a branch of forensic science focused on legal evidence found in computers and digital storage devices. Computer forensics is also known as digital forensics.
The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include a computer system, a storage device (such as a hard disk, CD-ROM, or thumb drive), an electronic document (e.g. an email message or video) or even a sequence of packets moving over a computer network. The explanation seeks to answer basic questions such as "What information is here?" and detailed questions such as "What is the sequence of events responsible for the present situation?"
Reasons for Forensics
There are many reasons to perform computer forensics:
- In legal cases, computer forensics is frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
- To recover data in the event of a hardware or software failure.
- To analyze a computer system after a break-in to determine how the attacker gained access and what the attacker did.
- To gather evidence about an employee who may be participating in unacceptable behavior.
Special measures should be taken when conducting a forensic investigation to be used in a court of law. Two measures are critical. First, assure that the evidence has been accurately collected and, second, maintain a clear chain of custody from the scene of the crime to the investigator and ultimately to the court.
Collecting Digital Evidence
Digital evidence can reside in many sources. Obvious sources include computers, cell phones, digital cameras, hard drives, CD-ROMs, USB memory devices, and so on. Non-obvious sources include settings of digital thermometers, black boxes inside automobiles, RFID tags, and web pages.
Special care must be taken when handling computer evidence: most digital information is easily changed, and once changed it is usually impossible to detect that a change has taken place (or to revert the data back to its original state) unless other measures have been taken. Practices that are common in the handling of digital evidence include:
- Imaging computer media using a write blocking tool to ensure that no data is added to the suspect device.
- Establishing and maintaining the chain of custody.
- Documenting everything that has been done.
- Only using tools and methods that have been tested and evaluated to validate their accuracy and reliability.
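One way to make a change to an acquired image detectable and to keep the custody record tamper-evident, shown as an added example that is not from the original page or from any particular forensic tool. It assumes SHA-256 as the integrity measure (the page names none); the file name, custodians, timestamps and log layout are constructed for illustration.

```python
import hashlib
import json
import pathlib
import tempfile

GENESIS = "0" * 64  # prev-hash value used by the first log entry

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def entry_digest(entry):
    """Digest of an entry's fields, excluding its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, image_path, custodian, action, timestamp):
    """Record who handled the image, its current hash, and a link to the prior entry."""
    entry = {"timestamp": timestamp, "custodian": custodian, "action": action,
             "image_sha256": sha256_file(image_path),
             "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log, image_path):
    """Return a list of problems; an empty list means log and image are consistent."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if entry_digest(e) != e["entry_hash"] or e["prev_entry_hash"] != prev:
            problems.append(f"entry {i}: log altered or chain broken")
        if e["image_sha256"] != log[0]["image_sha256"]:
            problems.append(f"entry {i}: image hash differs from acquisition")
        prev = e["entry_hash"]
    if log and sha256_file(image_path) != log[0]["image_sha256"]:
        problems.append("image on disk does not match acquisition hash")
    return problems

def demo():
    """Constructed sample: stand-in image, two custody entries, then a one-byte change."""
    with tempfile.TemporaryDirectory() as d:
        image = pathlib.Path(d, "evidence.img")  # hypothetical file name
        image.write_bytes(b"constructed sample image contents")
        log = []
        add_custody_entry(log, image, "Examiner A", "acquired", "2024-01-01T10:00Z")
        add_custody_entry(log, image, "Examiner B", "received", "2024-01-02T09:00Z")
        before = verify(log, image)
        image.write_bytes(image.read_bytes() + b"\x00")  # simulate an unnoticed change
        return before, verify(log, image)
```

The hash chain exposes edits to earlier entries only if the latest `entry_hash` is also recorded somewhere the editor cannot reach, such as a signed report or a paper custody form.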
Some of the most valuable information obtained in the course of a forensic examination will come from the computer user. An interview with the user can yield valuable information about the system configuration, applications, encryption keys and methodology.
In an investigation in which the owner of the digital evidence has not given consent to the examination (as in some criminal cases) special care must be taken to ensure that the forensic specialist has the legal authority to seize, copy, and examine the data. Sometimes authority stems from a search warrant. As a general rule, one should not examine digital information unless one has the legal authority to do so.